Page MenuHomeVyOS Platform
Create Task
Maniphest T752

Add an option to disable IPv4 forwarding on specific interface only
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

There is an IPv4 and IPv6 option to disable forwarding on ALL interfaces set system ip disable-forwarding

There is also an optiontdo disable IPv6 forwarding on a particular interface set interfaces ethernet eth0 ipv6 disable-forwarding

but there is no such option for IPv4 interfaces and even multicast forwarding.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Event Timeline

c-po created this task.Jul 21 2018, 3:22 PM
syncer triaged this task as Wishlist priority.Sep 1 2018, 3:02 PM
pasik added a subscriber: pasik.Oct 1 2018, 9:51 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc5); removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 24 2018, 4:39 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc6); removed VyOS 1.2 Crux (VyOS 1.2.0-rc5).Oct 29 2018, 6:16 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-rc6).Nov 3 2018, 11:12 PM
Viacheslav added a subscriber: Viacheslav.Oct 16 2020, 5:28 PM

How about this?

set system sysctl custom net.ipv4.conf.eth1.forwarding value '0'

sysctl

vyos@r2-roll# sudo sysctl -a | grep conf.eth1.forwarding
net.ipv4.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.forwarding = 1
[edit]
vyos@r2-roll#
c-po added a comment.Oct 16 2020, 8:42 PM

That would be a workaround only - see IPv6 syntax above. Using the refactored interface handling (T2653) makes this a low-hanging fruit.

Viacheslav added a comment.EditedOct 17 2020, 12:54 PM

PR https://github.com/vyos/vyos-1x/pull/576

vyos@r4-roll# set interfaces ethernet eth1 ip disable-forwarding 
[edit]
vyos@r4-roll# commit
[edit]
vyos@r4-roll# sudo sysctl -a | grep conf.eth1.forwarding
net.ipv4.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.forwarding = 1
[edit]
vyos@r4-roll#
Viacheslav closed this task as Resolved.Oct 19 2020, 10:52 AM
Viacheslav claimed this task.

Works as expected.

vyos@r4-roll# set interfaces ethernet eth1 ip disable-forwarding 
[edit]
vyos@r4-roll# commit
[edit]
vyos@r4-roll# sudo sysctl -a | grep "\.forwarding" | grep eth
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth1.forwarding = 0
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth1.forwarding = 1
[edit]
vyos@r4-roll#
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 23 2020, 5:20 PM
dmbaturin renamed this task from Disable IPv4 forwarding on specific interface only to Add an option to disable IPv4 forwarding on specific interface only.Sep 3 2021, 12:10 PM
dmbaturin set Is it a breaking change? to Perfectly compatible.
dmbaturin set Issue type to Feature (new functionality).
dmbaturin edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.3 Equuleus.Sep 10 2021, 6:13 AM